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DETAILED ACTION 

1. Claims 1-14 are pending in this application and presented for examination. 

Objections 
Drawings 

2. The drawings are objected to because reference characters, preferably numbers are not 
included. Reference numbers should be included in order to support comprehension of that 
which is being disclosed to the public and to facilitate understanding and appreciation of 
specifically what the applicant has invented. No new matter should be entered. Corrected 
drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to 
avoid abandonment of the application. Any amended replacement drawing sheet should include 
all of the figures appearing on the immediate prior version of the sheet, even if only one figure is 
being amended. The figure or figure number of an amended drawing should not be labeled as 
"amended." If a drawing figure is to be canceled, the appropriate figure must be removed from 
the replacement sheet, and where necessary, the remaining figures must be renumbered and 
appropriate changes made to the brief description of the several views of the drawings for 
consistency. Additional replacement sheets may be necessary to show the renumbering of the 
remaining figures. Each drawing sheet submitted after the filing date of an application must be 
labeled in the top margin as either "Replacement Sheet" or "New Sheet" pursuant to 37 CFR 
1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and 
informed of any required corrective action in the next Office action. The objection to the 
drawings will not be held in abeyance. 
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Specification 

3. The disclosure is objected to because of the following informalities: reference characters, 
preferably numbers are not included. Reference numbers corresponding to parts of associated 
figures should be included in order to enhance readability of that which is being disclosed to the 
public and to facilitate understanding of what the applicant has invented. No new matter should 
be entered. Appropriate correction is required. 

Claims 

4. Claims 1 (line 3, "(a)"), 8 (lines 3 and 4, "(a)" and "(b)" respectively), 9 (line 3, "(a)"), 14 
(lines 3 and 4, "(a)" and "(b)" respectively), are objected to because of the following 
informalities: including reference characters enclosed within parentheses for which there are no 
corresponding elements recited in the detailed description or the drawings. Appropriate 
correction is required. 

5. Claim 3 is objected to because it lacks a period at the end of the claim. Appropriate 
correction is required. 

Claim Rejections - 35 USC §102 

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 
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7. Claims 1, 2, and 4-6 are rejected under 35 U.S.C. 102(b) as being anticipated by 
Bernstein et ah, U.S. Patent No. 5,761,071, (hereinafter "Bernstein"). 

8. Regarding claim 1, Bernstein discloses a method for limiting access to resources (Figures 
1 and 6, column 4, lines 33-36 "In desktop computer kiosk systems where the keyboard 22 and 
the mouse 24 are accessible to users, security control software ... is utilized to render the 
browser software tamper-resistant for reliable self-service") of a personal computer (column 4, 
lines 3-5 "a kiosk in accordance with the invention could also be provided as a desktop computer 
or some other self-service system") with an operating system (column 3, line 63 "any . . . 
operating system") while allowing access to information via a web browser program (column 5, 
lines 7-10 "the same result may be achieved by coding a browser together with the GUI desired 
for use in a kiosk as a single executable program"), comprising: 

running on the personal computer a locking program (interpreted by the examiner as a 
program controlling user access. Bernstein discloses a GUI (column 3, line 10) and "security 
control software" (column 3, lines 17-18) that limit the users' access to URLs, data, and system 
functions) that modifies functions of the web browser program (column 5, lines 10-11 "including 
browser API calls into the NetKey ™ product") and functions of the operating system (Figure 6, 
column 3, lines 17-21 "a security control software which is programmed to disable operating 
system functions available to the user of the self-service computer to resist tampering with 
operation of the self-service computer" and column 6, lines 50-52 "In block 124, the provider of 
the kiosk system is given the option of limiting the operating system functions . . . available to 
the user of the kiosk system") to disable functions that allow access to any data file (Figures 1 
and 6, column 1 lines 10-14 "A kiosk is essentially a self-service system ... for use in providing 
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information and/or performing transactions (e.g., dispensing money as done by automated teller 
machines)," Examiner asserts that the invention of the reference necessarily includes the ability 
to disable access to at least one data file, which is inherent in the operation of a kiosk as for 
example, an automated teller machine which only allows user access to data files associated with 
that user, and disables access to data files not associated with that user. The reference teaches 
the abilities of browsers over which the invention of the reference asserts control in column 1, 
lines 33-35 "Graphical browsers are application programs which [can] access and display many 
different types of electronic information, such as a text file, a graphics file, a sound file, a video 
file and a database item, to name a few," additionally the invention of the reference provides for 
limitations of the operating system functions at column 6, lines 50-55 "In block 124, the provider 
of the kiosk system is given the option of limiting the operating system functions . . . available to 
the user of the kiosk system. This is done by providing a predetermined set of operating system 
functions from which the kiosk system provider can select those system functions to be 
disabled." Clearly limiting the browser and operating system functions includes controlling 
access to any data file.) in a memory of the computer other than web browser access to a 
specified list of URL's (column 6, lines 40-43 "provider/operator is given the option of 
restricting the browser's access to URL or URLs specified by the provider/operator") until an 
authenticating input (column 6, lines 32-34 "a test is conducted to see if the correct password has 
been entered for accessing the security control software") is received by the computer. 
9. Regarding claim 2, Bernstein discloses that "[o]nce the settings for NetKey ™ have been 
set, then the kiosk system ... is ready for use by the public (column 6, lines 63-65). Necessarily 
present in the browser kiosk system being ready for use by the public is launching the browser, 
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which is inherent in the kiosk being ready for unattended public use. By being ready for public 
use, the kiosk must have gone through an initial set up including the provider/operator launching 
a browser. Clearly, launching the web browser if it is not already launched is inherent in the 
browser kiosk system being ready for public use. 

10. Regarding claim 4, Bernstein further discloses a password being the authenticating input 
(column 6, lines 32-34 "a test is conducted to see if the correct password has been entered for 
accessing the security control software"). 

11. Regarding claim 5, Bernstein further discloses the specified list containing only one URL 
(column 6, lines 40-42 "restricting the browser's access to URL or URLs specified by the 
provider/operator"). 

12. Regarding claim 6, Bernstein further discloses the specified URL being stored in a 
memory of the personal computer (column 6, lines 44-45 "these URLs are stored in memory"). 



Claim Rejections - 35 USC § 103 

13. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject 
matter sought to be patented and the prior art are such that the subject matter as a whole 
would have been obvious at the time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. Patentability shall not be negatived 
by the manner in which the invention was made. 

14. Claims 3, and 7 are rejected under 35 U.S.C. 103(a) as being unpatentable over Bernstein 



as applied to claim 1, above. 
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15. Regarding claim 3, Bernstein does not explicitly disclose delaying running of the locking 
program, disabling functions of the operating system and the web browser program until the 
expiration of a set amount of time. 

However, Bernstein teaches an "attract loop" (column 7, line 25), that is "controlled by a 
time-out function, such that when there is no user input for a specified period of time, the attract 
loop appears on the screen" (column 7, lines 30-33). Bernstein further teaches "A suspend 
daemon, which may be provided as an enhancement to NetKey ™, running in the background 
[that] shuts down the GUI control software and/or the security control software and/or the 
browser software when a SUSPEND file is copied to a specified directory on the kiosk system" 
(column 7, lines 15-19). Bernstein also teaches an associated "restart daemon running in the 
background [that] starts the modified software when a RESTART file is copied to a specified 
directory on the kiosk system" (column 7, lines 22-24). 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the 
invention to combine the suspend, restart, and attract loop features taught in Bernstein in order to 
protect the security of a shared system on which there has been no activity for a period of time. 

16. Regarding claim 7, Bernstein does not explicitly disclose locking the keyboard, actions 
of pointer buttons other than a main button, and any other input method, so that the only input 
methods available to a user are pointer movement and main pointer button clicks. 

However, Bernstein teaches locking the keyboard and mouse in a storage compartment 
after setting the system settings so that kiosk users cannot use them, (column 4, lines 29-33, see 
also Figure 1). Bernstein also teaches a method for "desktop computer kiosk systems where the 
keyboard . . . and the mouse ... are accessible to users, [providing] security control software . . . 
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to render the browser software tamper-resistant for reliable self-service" (column 4, lines 33-37, 
see also Figure 1). Bernstein further teaches in systems where the keyboard and/or mouse are 
accessible to the user, such security control software "permitting] the kiosk system 
provider/operator to limit the system functions available to the user" (column 6, lines 27-30), by 
"limiting the operating system functions . . . available to the user" (column 6, lines 51-52). 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the 
invention to use the security control software of Bernstein to limit the keyboard and mouse 
functions available for user input to facilitate security of a shared system and tamper-resistance 
for kiosks. 

17. Claim 8 is rejected under 35 U.S.C. 103(a) as being unpatentable over Bernstein further 
in view of Robertson, U.S. Patent No. 6,609,106 Bl, (hereinafter Robertson). 

Regarding claim 8, Bernstein teaches a browser GUI " customized to provide a user- 
friendly, tamper-resistant environment suitable for a kiosk system" (column 4, lines 56-58, see 
also Figure 4), employing "an enhanced mouse driver ... to detect whether the user of the kiosk 
system ... has touched one of the button images" (column 5, lines 39-42) along with clicking 
buttons at the edge of the screen (Figure 4), but fails to explicitly disclose an authenticating input 
with a button. 

Robertson teaches authenticating input with a button (Figure 15, element 260 "Log On 
link," Figure 20, and column 20, lines 38-40 "if the Log On link 260 is selected, then the 
User/SP must first authenticate using the user interface dialog depicted in Fig. 20A"). 
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the 
invention to use the security control software and customizable GUI provided by Bernstein, with 



Application/Control Number: 10/699,266 Page 9 

Art Unit: 2196 

the button taught by Robertson in order to enable security on a shared system via a mouse click 
on a particularly placed button triggering authentication. 

18. Claims 9-13 are rejected under 35 U.S.C. 103(a) as being unpatentable over Bernstein 
further in view of PCS Edventures! Joins Children's Technology Group in Protecting Kids on the 
Internet-PCS to Help Market CTG's Garfield Island ™ - A Unique Kid-Safe Web Browser and 
Online Community , Business Wire, April 3, 2002 (hereinafter " Garfield Island "). 

19. Regarding claim 9, Bernstein discloses a method for limiting access to resources (Figures 
1 and 6, column 4, lines 33-36 "In desktop computer kiosk systems where the keyboard 22 and 
the mouse 24 are accessible to users, security control software ... is utilized to render the 
browser software tamper-resistant for reliable self-service") of a personal computer (column 4, 
lines 3-5 "a kiosk in accordance with the invention could also be provided as a desktop computer 
or some other self-service system") with an operating system (column 3, line 63 "any . . . 
operating system") while allowing access to information via a web browser program (column 5, 
lines 7-10 "the same result may be achieved by coding a browser together with the GUI desired 
for use in a kiosk as a single executable program"), comprising: running on the personal 
computer a locking program (interpreted by the examiner as a program controlling user access. 
Bernstein discloses a GUI (column 3, line 10) and "security control software" (column 3, lines 
17-18) that limit the users' access to URLs, data, and system functions) that modifies functions 
of the web browser program (column 5, lines 10-11 "including browser API calls into the 
NetKey ™ product") and functions of the operating system (Figure 6, column 3, lines 17-21 "a 
security control software which is programmed to disable operating system functions available to 
the user of the self-service computer to resist tampering with operation of the self-service 
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computer" and column 6, lines 50-52 "In block 124, the provider of the kiosk system is given the 
option of limiting the operating system functions . . . available to the user of the kiosk system") 
to disable functions that allow access to any user accessible data (Figures 1 and 6, column 1 lines 
10-14 "A kiosk is essentially a self-service system ... for use in providing information and/or 
performing transactions (e.g., dispensing money as done by automated teller machines)," 
Examiner asserts that the invention of the reference necessarily includes the ability to disable 
access to at least one set of user accessible data, which is inherent in the operation of a kiosk as 
for example, an automated teller machine which only allows user access to data associated with 
that user, and disables access to data not associated with that user. The reference teaches the 
abilities of browsers over which the invention of the reference asserts control in column 1, lines 
33-35 "Graphical browsers are application programs which [can] access and display many 
different types of electronic information, such as a text file, a graphics file, a sound file, a video 
file and a database item, to name a few," additionally the invention of the reference provides for 
limitations of the operating system functions at column 6, lines 50-55 "In block 124, the provider 
of the kiosk system is given the option of limiting the operating system functions . . . available to 
the user of the kiosk system. This is done by providing a predetermined set of operating system 
functions from which the kiosk system provider can select those system functions to be 
disabled") in a memory of the computer other than web browser access to a web page specified 
by a first URL (column 6, lines 40-43 "provider/operator is given the option of restricting the 
browser's access to URL or URLs specified by the provider/operator") until an authenticating 
input (column 6, lines 32-34 "a test is conducted to see if the correct password has been entered 
for accessing the security control software") is received by the computer. 
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Bernstein fails to disclose permitting access to a web page beyond specified URLs (i.e., 
any web page that can be reached by following active links from one page to another). Garfield 
Island teaches a browser allowing surfing of pre-approved websites (paragraph 3). 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify Bernstein by the surfing feature taught by Garfield Island in order to provide 
additional information as indicated from the sponsor of the approved URL. 

20. Regarding claim 10, Bernstein discloses that "[o]nce the settings for NetKey ™ have 
been set, then the kiosk system ... is ready for use by the public (column 6, lines 63-65). 
Necessarily present in the browser kiosk system being ready for use by the public is launching 
the browser, which is inherent in the kiosk being ready for unattended public use. By being 
ready for public use, the kiosk must have gone through an initial set up including the 
provider/operator launching the browser. Clearly, launching the web browser if it is not already 
launched is inherent in the browser kiosk system being ready for public use. 

21 . Regarding claim 11, Bernstein does not explicitly disclose delaying running of the 
locking program, disabling functions of the operating system and the web browser program until 
the expiration of a set amount of time. 

However, Bernstein teaches an "attract loop" (column 7, line 25), that is "controlled by a 
time-out function, such that when there is no user input for a specified period of time, the attract 
loop appears on the screen" (column 7, lines 30-33). Bernstein further teaches "A suspend 
daemon, which may be provided as an enhancement to NetKey ™, running in the background 
[that] shuts down the GUI control software and/or the security control software and/or the 
browser software when a SUSPEND file is copied to a specified directory on the kiosk system" 
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(column 7, lines 15-19). Bernstein also teaches an associated "restart daemon running in the 
background [that] starts the modified software when a RESTART file is copied to a specified 
directory on the kiosk system" (column 7, lines 22-24). 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the 
invention to combine the suspend, restart, and attract loop features taught in Bernstein in order to 
facilitate security of a shared system that on which there is no activity for a period of time. 

22. Regarding claim 12, Bernstein further discloses a password being the authenticating 
input (column 6, lines 32-34 "a test is conducted to see if the correct password has been entered 
for accessing the security control software"). 

23. Regarding claim 13, Bernstein does not explicitly disclose locking the keyboard, actions 
of pointer buttons other than a main button, and any other input method, so that the only input 
methods available to a user are pointer movement and main pointer button clicks. 

However, Bernstein teaches locking the keyboard and mouse in a storage compartment 
after setting the system settings so that kiosk users cannot use them, (column 4, lines 29-33, see 
also Figure 1). Bernstein also teaches a method for "desktop computer kiosk systems where the 
keyboard . . . and the mouse ... are accessible to users, [providing] security control software . . . 
to render the browser software tamper-resistant for reliable self-service" (column 4, lines 33-37, 
see also Figure 1). Bernstein further teaches in systems where the keyboard and/or mouse are 
accessible to the user, such security control software "permitting] the kiosk system 
provider/operator to limit the system functions available to the user" (column 6, lines 27-30), by 
"limiting the operating system functions . . . available to the user" (column 6, lines 51-52). 
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Therefore, it would have been obvious to one of ordinary skill in the art at the time of the 
invention to use the security control software of Bernstein to limit the keyboard and mouse 
functions available for user input to facilitate security of a shared system and tamper-resistance. 

24. Claim 14 is rejected under 35 U.S.C. 103(a) as being unpatentable over Bernstein and 
Garfield Island for the same reasons as claim 9, above, and further in view of Robertson. 

Regarding claim 14, Bernstein teaches a browser GUI " customized to provide a user- 
friendly, tamper-resistant environment suitable for the kiosk system" (column 4, lines 56-58, see 
also Figure 4), employing "an enhanced mouse driver ... to detect whether the user of the kiosk 
system . . . has touched one of the button images" (column 5, lines 39-42) along with clicking 
buttons at the edge of the screen (Figure 4), but fails to explicitly disclose an authenticating input 
with a button. 

Robertson teaches authenticating input with a button (Figure 15, element 260 "Log On 
link," Figure 20, and column 20, lines 38-40 "if the Log On link 260 is selected, then the 
User/SP must first authenticate using the user interface dialog depicted in Fig. 20A"). 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the 
invention to use the security control software and customizable GUI provided by Bernstein, with 
the button taught by Robertson in order to enable security on a shared system via a mouse click 
on a particularly placed button triggering authentication. 
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Conclusion 

25. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure is: 

• Batalden et al, U.S. Patent Application Publication No. 2003/01 12271 Al, referring to a 
method of controlling a browser session. 

• Daniell et al, U.S. Patent No. 7,062,649 B2, referring to a system and method for 
categorizing security profile rules within a computer system. 

• Hearn et al, U.S. Patent Application Publication No. 2005/0091522 Al referring to a 
security system and method for computers. 

• Kuczora, United Kingdom Patent Application Publication No. 2 350 21 1 A, referring to 
an internet browser software lock. 

• McMillian, U.S. Patent No. 5,826,267, referring to a web information kiosk. 

• Netkev Releases New Version of Flagship Internet Kiosk Software, , Business Wire, April 
23, 2001, referring to operating system and keyboard lock-down, and URL arid surf 
control. 

Please direct any inquiry concerning this communication or earlier communications from 
the examiner to Beatrice Koempel-Thomas whose telephone number is 571-270-1252. The 
examiner can normally be reached on Monday - Thursday & alternate Fridays; 0730 - 1700. 

If attempts to reach the examiner by telephone are unsuccessful, please contact the 
examiner's supervisor, Nabil El-Hady, on 571-272-3963. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 




